Cobalt Stike Beacon Detected – 101[.]34[.]76[.]186:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Month: January 2023
Malware Analysis – djvu – 17b59c81fe6a8a821facdb5a071eeded
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 17b59c81fe6a8a821facdb5a071eededSHA1: 5958d905895542615f5e024ad18ea1321fcb4e78ANALYSIS DATE: 2023-01-13T10:35:33ZTTPS: T1053, T1012, T1005, T1081,...
Malware Analysis – djvu – c23fe1948b4258f39114c730c04a2b9f
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:smokeloader, family:vidar, botnet:19, backdoor, discovery, persistence, ransomware, spyware, stealer, trojanMD5: c23fe1948b4258f39114c730c04a2b9fSHA1: cffb7436ff0867e5c492d301044b0e55620b428bANALYSIS DATE: 2023-01-13T10:36:52ZTTPS: T1053,...
Malware Analysis – lockbit – 3e5b053a4107e00029a9ea5f5e282a00
Score: 10 MALWARE FAMILY: lockbitTAGS:family:lockbit, ransomwareMD5: 3e5b053a4107e00029a9ea5f5e282a00SHA1: 4edad45f0b395f5898cefa82adb3606e371f6d60ANALYSIS DATE: 2023-01-13T10:39:47ZTTPS: T1491, T1112 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or...
Malware Analysis – evasion – 0d11e3db3bfdf788d51666e3374cba05
Score: 9 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: 0d11e3db3bfdf788d51666e3374cba05SHA1: a20e2ca578289c6b32d74698f356242e7564dca1ANALYSIS DATE: 2023-01-13T10:23:22ZTTPS: T1490 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...
Malware Analysis – dharma – b51dc59f86a48c129a128e04b7444c94
Score: 10 MALWARE FAMILY: dharmaTAGS:family:dharma, persistence, ransomware, spyware, stealerMD5: b51dc59f86a48c129a128e04b7444c94SHA1: a243e2ccfad5f60e505e631626cd72fb0e535907ANALYSIS DATE: 2023-01-13T11:02:01ZTTPS: T1060, T1112, T1107, T1490, T1005, T1081, T1082...
Malware Analysis – dharma – 9220abc8a4ead7e58bc51c54d1c8343b
Score: 10 MALWARE FAMILY: dharmaTAGS:family:dharma, persistence, ransomware, spyware, stealerMD5: 9220abc8a4ead7e58bc51c54d1c8343bSHA1: 9a9c96e8d20137c0fc05e47a51f4b05383c9b08dANALYSIS DATE: 2023-01-13T10:49:17ZTTPS: T1060, T1112, T1107, T1490, T1082, T1005, T1081...
Malware Analysis – dharma – a6de0d47bb017e59aefec6f4b00c2157
Score: 10 MALWARE FAMILY: dharmaTAGS:family:dharma, persistence, ransomware, spyware, stealerMD5: a6de0d47bb017e59aefec6f4b00c2157SHA1: a71fe7dc24be53aac39771bcddaa4654fca2a26aANALYSIS DATE: 2023-01-13T10:57:53ZTTPS: T1005, T1081, T1112, T1060, T1107, T1490, T1082...
Malware Analysis – dharma – b178705190001fcb012000eed9ba33d2
Score: 10 MALWARE FAMILY: dharmaTAGS:family:dharma, persistence, ransomware, spyware, stealerMD5: b178705190001fcb012000eed9ba33d2SHA1: db6d85f58ad3e6ebb62d92be1dbe7741023a1e7bANALYSIS DATE: 2023-01-13T11:07:24ZTTPS: T1005, T1081, T1060, T1112, T1107, T1490, T1082...
SAUTER Controls security bypass | CVE-2023-0052
NAME__________SAUTER Controls security bypassPlatforms Affected:SAUTER Controls Nova 220 DDC with BACnet connection 4.2.1 SAUTER Controls Nova 230 DDC with BACnet...
Qt Project Qt integer overflow | CVE-2022-40983
NAME__________Qt Project Qt integer overflowPlatforms Affected:Qt Qt 6.3.2Risk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Qt Project Qt could allow a remote attacker to execute...
Sewio RTLS Studio default account | CVE-2022-45444
NAME__________Sewio RTLS Studio default accountPlatforms Affected:Drupal Private Taxonomy Terms module for Drupal 8.x-2.5Risk Level:10Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Sewio RTLS Studio contains default...
Cisco Small Business RV016, RV042, RV042G, and RV082 Routers security bypass | CVE-2023-20025
NAME__________Cisco Small Business RV016, RV042, RV042G, and RV082 Routers security bypassPlatforms Affected:Risk Level:9Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Cisco Small Business RV016, RV042, RV042G,...
Qt Project Qt buffer overflow | CVE-2022-43591
NAME__________Qt Project Qt buffer overflowPlatforms Affected:Qt Qt 6.4Risk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Qt Project Qt is vulnerable to a heap-based buffer overflow,...
Sewio RTLS OS command execution | CVE-2022-47911
NAME__________Sewio RTLS OS command executionPlatforms Affected:Drupal Private Taxonomy Terms module for Drupal 8.x-2.5Risk Level:9.1Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Sewio RTLS could allow a...
PIXELA PIX-RT100 routers command execution | CVE-2023-22304
NAME__________PIXELA PIX-RT100 routers command executionPlatforms Affected:PIXELA PIX-RT100 RT100_TEQ_2.1.1_EQ101 PIXELA PIX-RT100 RT100_TEQ_2.1.2_EQ101Risk Level:8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________PIXELA PIX-RT100 routers could allow a remote...
Sewio RTLS cross-site request forgery | CVE-2022-45127
NAME__________Sewio RTLS cross-site request forgeryPlatforms Affected:Drupal Private Taxonomy Terms module for Drupal 8.x-2.5Risk Level:8.1Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Sewio RTLS is vulnerable to...
Sewio RTLS OS command execution | CVE-2022-43483
NAME__________Sewio RTLS OS command executionPlatforms Affected:Drupal Private Taxonomy Terms module for Drupal 8.x-2.5Risk Level:9.1Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Sewio RTLS could allow a...
Sewio RTLS code execution | CVE-2022-41989
NAME__________Sewio RTLS code executionPlatforms Affected:Drupal Private Taxonomy Terms module for Drupal 8.x-2.5Risk Level:9Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Sewio RTLS could allow a remote...
Cloudflare WARP Client privilege escalation | CVE-2022-4428
NAME__________Cloudflare WARP Client privilege escalationPlatforms Affected:Cloudflare WARP Client 2022.10.106.0Risk Level:8.9Exploitability:UnprovenConsequences:Gain Privilege DESCRIPTION__________Cloudflare WARP Client could allow a remote authenticated attacker...
PIXELA PIX-RT100 routers security bypass | CVE-2023-22316
NAME__________PIXELA PIX-RT100 routers security bypassPlatforms Affected:PIXELA PIX-RT100 RT100_TEQ_2.1.1_EQ101 PIXELA PIX-RT100 RT100_TEQ_2.1.2_EQ101Risk Level:8.8Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________PIXELA PIX-RT100 routers could allow a remote...
SugarCRM code execution | CVE-2023-22952
NAME__________SugarCRM code executionPlatforms Affected:SugarCRM SugarCRM 11.0 SugarCRM SugarCRM 12.0Risk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________SugarCRM could allow a remote authenticated attacker to execute...
Sewio RTLS cross-site request forgery | CVE-2022-47395
NAME__________Sewio RTLS cross-site request forgeryPlatforms Affected:Drupal Private Taxonomy Terms module for Drupal 8.x-2.5Risk Level:8.1Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Sewio RTLS is vulnerable to...
Daily Vulnerability Trends: Fri Jan 13 2023
Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2022-41080Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique...